[ws-daemon] Umount dangling mask mounts

[csweichel]

Description

This PR unmounts mask mounts used during proc and sysfs mount preparation.

Related Issue(s)

Fixes #6732

How to test

1. Start a workspace
2. Look at the ws-daemon filesystem and ensure there are no dangling tmpfs mounts in /tmp/staging-*
3. Ensure that you cannot unmount any of the /proc masks, e.g. sched_debug
4. Run docker run --rm -it alpine:latest umount /proc/sched_debug which should fail with a permission denied error
5. Check there are no errors in ws-daemon

Release Notes

[ws-daemon] Fix resource leak during proc mounts

Documentation

[codecov]

Codecov Report

Merging #6733 (bd1a252) into main (87e44ed) will decrease coverage by 2.37%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #6733      +/-   ##
==========================================
- Coverage   19.04%   16.67%   -2.38%     
==========================================
  Files           2       25      +23     
  Lines         168     3244    +3076     
==========================================
+ Hits           32      541     +509     
- Misses        134     2641    +2507     
- Partials        2       62      +60     

Flag	Coverage Δ
components-local-app-app-linux-amd64	?
components-local-app-app-linux-arm64	?
components-local-app-app-windows-386	?
components-local-app-app-windows-amd64	?
components-local-app-app-windows-arm64	?
components-ws-daemon-app	21.96% <ø> (?)
components-ws-daemon-lib	21.96% <ø> (?)
installer-raw-app	6.16% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
components/local-app/pkg/auth/auth.go
components/local-app/pkg/auth/pkce.go
components/ws-daemon/pkg/quota/xfs.go	45.05% <0.00%> (ø)
components/ws-daemon/pkg/internal/session/store.go	19.38% <0.00%> (ø)
components/ws-daemon/pkg/content/config.go	33.33% <0.00%> (ø)
...staller/pkg/components/ws-manager/networkpolicy.go	0.00% <0.00%> (ø)
installer/pkg/components/ws-manager/role.go	0.00% <0.00%> (ø)
installer/pkg/common/render.go	0.00% <0.00%> (ø)
...onents/ws-daemon/pkg/internal/session/workspace.go	50.73% <0.00%> (ø)
components/ws-daemon/pkg/content/archive.go	57.95% <0.00%> (ø)
... and 17 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 87e44ed...bd1a252. Read the comment docs.

[csweichel]

/hold

[csweichel]

We also need to umount the proc/sysfs again thanks to CLONE_TREE

[aledbf]

/lgtm
/approve

[roboquat]

LGTM label has been added.

Git tree hash: 33ee4ee75b4f304cdea362f6c73c485df8ba1e70

[csweichel]

This change - as simple as it may seem - causes all sorts of problems:

1. breaks kubectl logs ws-dameon-...
2. breaks proc mounts for Docker container within the workspace

[csweichel]

/hold cancel

[aledbf]

/lgtm

[roboquat]

LGTM label has been added.

Git tree hash: 70af2f17b56a6b5df03aec4d0987cafdf2fb6b62

[roboquat]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf

Associated issue: #6732

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• components/ws-daemon/OWNERS [aledbf]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment